Yeah there's a reg hack in GP. You set some timeout to 0 to force it to TCP. UDP drives the firewalls crazy
Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:ActiveDir- > [EMAIL PROTECTED] On Behalf Of joe > Sent: Thursday, April 27, 2006 9:54 PM > To: [email protected] > Subject: RE: [ActiveDir] Forcing Kerberos to use TCP instead of UDP > > Been a bit since I played with this but I seem to recall it is the > CLIENT that gets the reg change. > > RE: #3, did you troubleshoot where the packets were being dropped at? > Most likely there was a misconfigured or failing network device > somewhere along the line. > > joe > > -- > O'Reilly Active Directory Third Edition - > http://www.joeware.net/win/ad3e.htm > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Olivarez, > Sergio J Mr CTNOSC/GD-NS > Sent: Wednesday, April 26, 2006 5:21 PM > To: [email protected] > Subject: RE: [ActiveDir] Forcing Kerberos to use TCP instead of UDP > > > 1)In my experience, yes all dc's. > 2)None that I can think of. Might want to do this to clients that are > having to authenticate over VPN conn. > 3)In my case, when the Kerberos was allowed over UDP it caused many > issues. > When it was forced over TCP all problems were resolved. > 4)Yes, IPSEC over WAN connections. > 5)Haven't heard any complains. > > Read the following article by Joe, it makes some good points about it - > http://www.mail-archive.com/[email protected]/msg40624.html > > > -Sergio > > > -----Original Message----- > From: Danny [mailto:[EMAIL PROTECTED] > Sent: Wednesday, April 26, 2006 1:44 PM > To: [email protected] > Subject: Re: [ActiveDir] Forcing Kerberos to use TCP instead of UDP > > On 4/26/06, Olivarez, Sergio J Mr CTNOSC/GD-NS > wrote: > > Many times! What is your concern? > > 1) Does this change need to be made to all DC's? > 2) What changes need to be made to clients and/or GPO's? > 3) Will this have a short (or long) term negative impact to operations? > 4) Has this been a solution for you with broken AD trusts between site > to site VPN connections? > 5) Is there any affect on over network traffic? > > Thanks, > > ...D > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail- > archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail- > archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail- > archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
